The REST API supports cross-origin resource sharing (CORS) security.

CORS support allows you to define which domains can access each REST API. By defining a CORS rule, you can whitelist a domain to allow cross-origin requests from that domain. Cross-origin requests cannot be made from domains without a CORS rule.

Note: CORS support applies only to REST APIs, including scripted REST web services. Other web service APIs, such as the SOAP API, do not support CORS.

You can configure CORS to allow access to only certain APIs, HTTP methods, and headers from other domains. For example, you can limit requests to the Table API from a specific domain to allow only GET operations.

To view the CORS rules defined on your instance, navigate to System Web Services > CORS Rules.

You can disable CORS support for an instance by setting the property to false. When false, no CORS evaluation is performed on incoming REST requests. This property is true by default.